Skip to content

Add 💡

Add 💡 #3119

Workflow file for this run

name: CI
on:
push:
branches:
- '**'
- '!main'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
with:
context: .
tags: data_pass:latest
outputs: type=docker,dest=/tmp/data_pass.tar
cache-from: type=gha
cache-to: type=gha,mode=max
-
name: Cache image and ENV file
id: data_pass-docker
uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
security:
name: "Security: Brakeman"
runs-on: ubuntu-latest
needs: build
steps:
- uses: docker/setup-buildx-action@v3
- uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
- run: docker load --input /tmp/data_pass.tar
- run: docker run --rm --entrypoint="" data_pass:latest bundle exec brakeman
rb-lint:
name: "Linting: Rubocop"
runs-on: ubuntu-latest
needs: build
steps:
- uses: docker/setup-buildx-action@v3
- uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
- run: docker load --input /tmp/data_pass.tar
- run: docker run --rm --entrypoint="" data_pass:latest bundle exec rubocop
js-lint:
name: "Linting: Standardjs"
runs-on: ubuntu-latest
needs: build
steps:
- uses: docker/setup-buildx-action@v3
- uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
- run: docker load --input /tmp/data_pass.tar
- run: docker run --rm --entrypoint="" data_pass:latest standard app/javascript
yaml-lint:
name: "Linting: YAML through prettier"
runs-on: ubuntu-latest
needs: build
steps:
- uses: docker/setup-buildx-action@v3
- uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
- run: docker load --input /tmp/data_pass.tar
- run: docker run --rm --entrypoint="" data_pass:latest ./bin/lint-yaml
unit-tests:
name: "Unit tests: RSpec"
runs-on: ubuntu-latest
needs: build
services:
postgres:
image: postgres
ports: ["5432:5432"]
env:
POSTGRES_PASSWORD: dummy
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
chrome:
image: browserless/chrome:latest
ports:
- "3333:3333"
env:
PORT: 3333
CONNECTION_TIMEOUT: 600000
redis:
image: redis
ports:
- "6379:6379"
steps:
- uses: docker/setup-buildx-action@v3
- uses: actions/cache@v4
with:
path: |
/tmp/data_pass.tar
./.github/workflows/test.env
key: ${{ github.sha }}-data_pass
- run: docker load --input /tmp/data_pass.tar
- run: |
docker run \
--network="host" \
--env-file ./.github/workflows/test.env \
--rm data_pass bundle exec rspec
integration-tests-admin:
name: "Integration tests: admin"
needs: build
uses: ./.github/workflows/reusable-integration-tests.yaml
with:
cucumber_options: "features/{instructeurs,reporters}/"
integration-tests-dgfip-habilitations:
name: "Integration tests: dgfip habilitations"
needs: build
uses: ./.github/workflows/reusable-integration-tests.yaml
with:
cucumber_options: "features/habilitations/dgfip/"
integration-tests-others-habilitations:
name: "Integration tests: other habilitations"
needs: build
uses: ./.github/workflows/reusable-integration-tests.yaml
with:
cucumber_options: "features/habilitations/ -e features/habilitations/dgfip/"
integration-tests-others:
name: "Integration tests: others"
needs: build
uses: ./.github/workflows/reusable-integration-tests.yaml
with:
cucumber_options: "-e features/instructeurs/ -e features/habilitations/ -e features/reporters/"
merge-with-main:
name: "Merge develop with main"
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
needs:
- security
- rb-lint
- js-lint
- yaml-lint
- unit-tests
- integration-tests-admin
- integration-tests-dgfip-habilitations
- integration-tests-others-habilitations
- integration-tests-others
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Import GPG key to sign main push
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_SECRET_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Force push develop to main
run: |
git reset --hard && \
git push --force origin develop:main && \
git fetch && \
[[ ! -s \"$(git rev-parse --git-dir)/shallow\" ]] || git fetch --unshallow
exit 0
continuous-deployment:
name: "Continuous deployment on staging"
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
needs:
- merge-with-main
timeout-minutes: 10
strategy:
matrix:
host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4]
fail-fast: false
environment: sandbox
env:
DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }}
DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }}
DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }}
DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }}
DEPLOY_HOST: host_${{ matrix.host }}
DEPLOY_APP: datapass_reborn_staging
DEPLOY_BRANCH: ${{ github.ref_name }}
steps:
- name: Download and run deploy script
shell: bash
run: |
git clone https://github.com/etalab/api-entreprise-integration
cd api-entreprise-integration
./deploy-parteprise.sh